Beruflich Dokumente
Kultur Dokumente
• Definitions
• Using 3rd Party Certificate Authorities
• Single Host
• Multi Host with “Wildcard” SSL Certificate
─ Trusted 3rd Party or Commercial CAs which charge to issue certificates. Their
Trusted Root certificates are included in most internet browsers.
− Think of a passport issued by your country's passport authority.
─ Self Signed or Closed System where your company is it's own CA. You control the
Root Certificate for the organization.
− Think of your company issued ID badge that lets you into your office building.
* https://ssl.netcraft.com/ssl-sample-report//CMatch/certs
XYZ Company
1) “Common Name”
(DNS Server Name)
2) Organization and
Optional fields
3) NO ABBREVIATIONS in
“State or Province” field,
4) 2 character country
code -
5) Click “Create Key Ring”
XYZ Company
XYZ Company
XYZ Company
XYZ Company
Julio.Jalapeno@SpicySSL.co
m
● Note: Because we
selected “Redirect to
SSL” you will be
automatically switched
to SSL (https://)
● The Browser does not
display any error
prompts.
● The Lock Icon displays.
● Most browsers won't work with a Wildcard SSL Certificates of more than one
level. In other words a Wildcard Certificate for *.spicyssl.com will not work for
inotes.mail.spicyssl.com or best.recipe.for.spicyssl.com.
XYZ Company
Click “OK” on the Certificate
received into key ring and
designated as trusted root prompt.
● You can open standard HTTP:// access and send end users a URL link to the
Domino CA Certificate Request database. This database has a built in function
to accept the Domino Certificate Authority as a Trusted Root in their browser as
we are about to see.
* An alternate method of
installing the Domino CA
Trusted Root certificate is
provides as Appendix 1 at the
end of the presentation
John.doe@xyzcom
● Create and Sign an email to
your associate.
● After creating the message
select:
1) Delivery Options
2) Sign
3) OK
4) Send
John Doe/XYZ
John Doe/XYZ
The information contained in this publication is provided for informational purposes only. While efforts were made to verify the completeness and accuracy of the information contained in this publication, it is provided AS IS without
warranty of any kind, express or implied. In addition, this information is based on IBM’s current product plans and strategy, which are subject to change by IBM without notice. IBM shall not be responsible for any damages arising out of
the use of, or otherwise related to, this publication or any other materials. Nothing contained in this publication is intended to, nor shall have the effect of, creating any warranties or representations from IBM or its suppliers or licensors,
or altering the terms and conditions of the applicable license agreement governing the use of IBM software.
References in this presentation to IBM products, programs, or services do not imply that they will be available in all countries in which IBM operates. Product release dates and/or capabilities referenced in this presentation may change
at any time at IBM’s sole discretion based on market opportunities or other factors, and are not intended to be a commitment to future product or feature availability in any way. Nothing contained in these materials is intended to, nor
shall have the effect of, stating or implying that any activities undertaken by you will result in any specific sales, revenue growth or other results.
IBM, the IBM logo, Lotus, Lotus Notes, Notes, Domino, Quickr, and Lotusphere are trademarks of International Business Machines Corporation in the United States, other countries, or both.
Microsoft and Windows are trademarks of Microsoft Corporation in the United States, other countries, or both.
Other company, product, or service names may be trademarks or service marks of others.
All references to Spicy SSL refer to a fictitious company and are used for illustration purposes only.
• Appendix 1
• Install the Domino CA Certifier Trusted Root Certificate Alternate
Method
• Appendix 2
• Requesting, Processing & Installing a Client Certificate from a Domino CA Single
Host
• Appendix 3
• Export a X.509 Certificate from your browser and Import into your Notes ID
● Click “OK”
● Click “Certificates”
● Click “Save”
© 2011 IBM Corporation
196
Appendix 3
Export a X.509 Certificate from your browser
and Import into your Notes ID 7
● Click “Next”
\JohnCert.pfx
\JohnCert.pfx
John Doe
John.Doe@SpicySSL.com John.Doe@SpicySSL.com
Internet Cert
\JohnCert.pfx
John.Doe@SpicySSL.com
John.Doe@SpicySSL.com John.Doe@SpicySSL.com
● Click “OK”